Weird phishing attempt
Ugo Bellavance
ugob at lubik.ca
Sat Dec 1 12:34:25 GMT 2007
Denis Beauchemin wrote:
> Hello all,
>
> I just received the attached email. No HTML, no image, just plain text.
> Funny thing is I don't know anything about them...
>
> I looked on their web site (
> http://www.sunwestfcu.org/site/contact_locations.html#phone ) and
> couldn't find the toll-free phone number. Could someone have hacked into
> someone else's PBX and used it for phishing?
They don't need to... They just bought themselves a toll-free number.
I don't know how, but this should be reported so that the phone number
is shut down it if is some kind of social engineering scam.
Ugo
>
> It's the first time I see something like this!
>
> Denis
>
>
> ------------------------------------------------------------------------
>
> Subject:
> New message from Customer Service
> From:
> "SunWest Federal Credit Union"<info at sunwestfcu.org>
> Date:
> Fri, 30 Nov 2007 07:03:20 -0800
>
> Return-Path:
> <info at sunwestfcu.org>
> Received:
> from courriel-fe1.usherbrooke.ca (courriel.USherbrooke.ca
> [132.210.244.146]) by courriel4.usherbrooke.ca (Cyrus
> v2.2.12-UdeS-RPM-2.2.12-3.RHEL4.1_udes_f) with LMTPA; Fri, 30 Nov 2007
> 10:05:16 -0500
> X-Sieve:
> CMU Sieve 2.2
> Received:
> from courriel-fe1.usherbrooke.ca ([unix socket]) by
> courriel-fe1.usherbrooke.ca (Cyrus v2.1.18) with LMTP; Fri, 30 Nov 2007
> 10:05:16 -0500
> Received:
> from smtpe3.usherbrooke.ca (smtpe3.USherbrooke.ca [132.210.244.89]) by
> courriel-fe1.usherbrooke.ca (8.12.11.20060308/8.12.11) with ESMTP id
> lAUF5FjY000849 for <bead2306 at livraison.locale>; Fri, 30 Nov 2007
> 10:05:15 -0500
> Received:
> from atlngroup.com (mail.atlngroup.com [192.117.140.85]) by
> smtpe3.usherbrooke.ca (8.13.8/8.13.8) with ESMTP id lAUF4wju022298 for
> <d.beauchemin at usherbrooke.ca>; Fri, 30 Nov 2007 10:05:09 -0500
> Received:
> from User ([64.193.95.50]) by atlngroup.com with Microsoft
> SMTPSVC(6.0.3790.3959); Fri, 30 Nov 2007 17:03:20 +0200
> MIME-Version:
> 1.0
> Content-Type:
> text/plain; charset="Windows-1251"
> X-Priority:
> 3
> X-MSMail-Priority:
> Normal
> X-Mailer:
> Microsoft Outlook Express 6.00.2600.0000
> X-MimeOLE:
> Produced By Microsoft MimeOLE V6.00.2600.0000
> Message-ID:
> <SERVERzVNzXbAQR2xJA00000017 at atlngroup.com>
> X-OriginalArrivalTime:
> 30 Nov 2007 15:03:20.0872 (UTC) FILETIME=[257B7A80:01C83362]
> X-UdeS-MailScanner-Information:
> Veuillez consulter le http://www.usherbrooke.ca/vers/virus-courriel
> X-UdeS-MailScanner:
> Aucun code suspect détecté
> X-MailScanner-SpamCheck:
> n'est pas un polluriel, SpamAssassin (not cached, score=4.409, requis
> 4.5, BAYES_50 0.00, FORGED_MUA_OUTLOOK 3.12, MISSING_HEADERS 1.29)
> X-UdeS-MailScanner-SpamScore:
> ====
> X-UdeS-MailScanner-From:
> info at sunwestfcu.org
> X-Spam-Status:
> No
> Content-Transfer-Encoding:
> quoted-printable
> X-MIME-Autoconverted:
> from 8bit to quoted-printable by safir.blacknight.ie id lAUGgaGw023594
>
>
> This communication was sent to safeguard your account against any
> unauthorized activity.
>
> SunWest Federal Credit Union is aware of new phishing e-mails
> that are circulating. These e-mails request consumers to click
> a link due to a compromise of a credit card account.
>
> You should not respond to this message.
>
> For your security we have deactivated your card.
>
> How to activate your card
>
> Call (877) 300-6167
>
> Our automated system allows you to quickly activate your card
>
> What to expect when activating online
>
> Card activation will take approximately one minute to complete.
>
> © SunWest Federal Credit Union - All Rights Reserved
>
>
More information about the MailScanner
mailing list